Re: If you work with removing Rootkits you should read this.

From: Matt Gibson (mattg_at_blueedgetech.ca)
Date: 03/10/05


Date: Thu, 10 Mar 2005 14:15:47 -0800

Why don't you just run Rootkit revealer from Bart-PE...you'll get mostly the
same level of reporting.

Oh, and rootkit revealer was released shortly after that paper was...many
think in a response TO that paper.

Matt Gibson - GSEC

"Bigbruva" <Richardh@dontusethis.ws> wrote in message
news:e%23wCShaJFHA.2936@TK2MSFTNGP15.phx.gbl...
> Hi all
>
> I came across this excellent whitepaper on the Microsoft Research Web
> site.
> It discusses a tool they have developed that will detect Rootkits (or
> Ghostware as they call it), rather like the Sysinternals RootkitRevealer
> but with some very interesting "Out of Box" scanning capability.
>
> http://research.microsoft.com/research/pubs/view.aspx?type=Technical%20Report&id=875
>
> If you work with removing Rootkits etc it looks like we will have a
> Microsoft tool to help, the only question is when?
> From the Web site:
>
> "Strider GhostBuster will be released either as a research prototype or as
> part of Microsoft products. "
>
> Please MS release this tool soon! Pretty please! :-)
>
>
> BB
>
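The cross-view comparison behind both RootkitRevealer and Strider GhostBuster, as an added illustration that is not code from the thread, from Sysinternals or from Microsoft Research: the same locations are enumerated once through the running system's API (the inside-the-box view) and once from raw on-disk structures or from a clean boot such as Bart-PE (the outside-the-box view), and anything the API fails to report is flagged. The two listings below are constructed sample data, and the hidden entries in them are placeholders, not real indicators.

```python
"""Cross-view diff: flag objects that the live API view does not report.

Constructed sample data. A real scan would enumerate a directory or
registry hive through the running OS API and again from raw disk / hive
parsing or from an offline boot (e.g. Bart-PE), then diff the two."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Discrepancy:
    path: str
    kind: str  # "hidden": raw view only; "phantom": API view only


# View 1 (constructed): what the running system's API reports,
# i.e. what Explorer or regedit would show.
API_VIEW = {
    r"C:\WINDOWS\system32\ntoskrnl.exe",
    r"C:\WINDOWS\system32\drivers\atapi.sys",
    r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip",
}

# View 2 (constructed): the same locations read outside the box.
# The two extra entries are placeholders for objects a rootkit hides.
RAW_VIEW = API_VIEW | {
    r"C:\WINDOWS\system32\drivers\hidden_driver.sys",   # placeholder
    r"HKLM\SYSTEM\CurrentControlSet\Services\HiddenSvc",  # placeholder
}


def cross_view_diff(api_view, raw_view):
    """Return the discrepancies between the two views, hidden ones first.

    hidden  : on disk / in the hive but absent from the API view, the
              classic symptom of an API-hooking rootkit.
    phantom : reported by the API but absent from the raw view; usually a
              file that changed between the two scans, so lower confidence.
    """
    hidden = [Discrepancy(p, "hidden") for p in sorted(raw_view - api_view)]
    phantom = [Discrepancy(p, "phantom") for p in sorted(api_view - raw_view)]
    return hidden + phantom


def report(discrepancies):
    """Render one line per discrepancy for a scan report."""
    return [f"{d.kind.upper():8}{d.path}" for d in discrepancies]


if __name__ == "__main__":
    print("\n".join(report(cross_view_diff(API_VIEW, RAW_VIEW))))
```

Running the two enumerations as close together as possible keeps the phantom class small; a persistent hidden entry across repeated scans is the finding worth chasing.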